CVE-2026-23570— Log timestamp tampering vulnerability in Content Distribution Service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23570
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Log timestamp tampering vulnerability in Content Distribution Service
Source: NVD (National Vulnerability Database)
Vulnerability Description
A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged or nonsensical datetime prefixes and compromising log integrity and forensic correlation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
TeamViewer DEX Client 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TeamViewer DEX Client是德国TeamViewer公司的一个数字化员工体验和终端管理软件。 TeamViewer DEX Client 26.1之前版本存在安全漏洞,该漏洞源于Content Distribution Service缺少对用户控制值的验证,可能导致日志时间戳被篡改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TeamViewer | DEX | 0 ~ 26.1 | - |
II. Public POCs for CVE-2026-23570
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-23570
请登录查看更多情报信息。
Same Patch Batch · TeamViewer · 2026-01-29 · 9 CVEs total
| CVE-2026-23571 | 6.8 MEDIUM | Command Injection in 1E-Nomad-RunPkgStatusRequest Instruction in TeamViewer DEX |
| CVE-2026-23569 | 6.5 MEDIUM | Out-of-bounds read vulnerability in Content Distribution Service |
| CVE-2026-23564 | 6.5 MEDIUM | Transmission of Unencrypted Data in Content Distribution Service |
| CVE-2026-23565 | 6.5 MEDIUM | Denial-of-Service in Content Distribution Service |
| CVE-2026-23567 | 6.5 MEDIUM | Integer underflow in Content Distribution Service UDP handler |
| CVE-2026-23566 | 6.5 MEDIUM | Log Injection in Content Distribution Service UDP Handler |
| CVE-2026-23563 | 5.7 MEDIUM | Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction |
| CVE-2026-23568 | 5.4 MEDIUM | Out-of-bounds read vulnerability in Content Distribution Service |
IV. Related Vulnerabilities
Same product: DEX
- CVE-2026-23569
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23568
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23567
Integer underflow in Content Distribution Service UDP handle - CVE-2026-23566
Log Injection in Content Distribution Service UDP Handler - CVE-2026-23565
Denial-of-Service in Content Distribution Service
Same vendor: TeamViewer
- CVE-2026-23572
Improper Access Control in TeamViewer clients - CVE-2026-23569
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23568
Out-of-bounds read vulnerability in Content Distribution Ser - CVE-2026-23567
Integer underflow in Content Distribution Service UDP handle - CVE-2026-23566
Log Injection in Content Distribution Service UDP Handler
Same weakness: CWE-20
V. Comments for CVE-2026-23570
No comments yet